Ubuntu: 2012-1: Light Display Manager vulnerability

Nov08
by Ike on November 8, 2013 at 6:57 am
Posted In: Uncategorized

(Nov 6) Light Display Manager could be made to expose sensitive informationlocally.

 Comment 

Red Hat: 2013:1508-01: java-1.6.0-ibm: Critical Advisory

Nov08
by Ike on November 8, 2013 at 5:54 am
Posted In: Uncategorized

(Nov 7) Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical [More…]

 Comment 

Red Hat: 2013:1507-01: java-1.7.0-ibm: Critical Advisory

Nov08
by Ike on November 8, 2013 at 5:54 am
Posted In: Uncategorized

(Nov 7) Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical [More…]

 Comment 

[20131103] Core XSS Vulnerability

Nov07
by Ike on November 7, 2013 at 8:29 pm
Posted In: Uncategorized
  • Project: Joomla!
  • SubProject: All
  • Severity: Moderate
  • Versions: 2.5.14 and earlier 2.5.x versions. 3.1.5 and earlier 3.x versions.
  • Exploit type: XSS Vulnerability
  • Reported Date: 2013-October-26
  • Fixed Date: 2013-November-06
  • CVE Number:

Description

Inadequate filtering leads to XSS vulnerability in com_contact.

Affected Installs

Joomla! version 2.5.14 and earlier 2.5.x versions; and version 3.1.5 and earlier 3.0.x versions.

Solution

Upgrade to version 2.5.16, 3.1.6 or 3.2.

Contact

The JSST at the Joomla! Security Center.

Reported By: Osanda Malith

 Comment 

Parallels Plesk Panel 11.5.30 MU#22

Nov07
by Ike on November 7, 2013 at 1:10 pm
Posted In: Uncategorized

The following functionalities were improved:

[*]Security improvements (PPPM-970)

[*]The parameter “OLD_LOGIN_NAME” was added for the following event handlers: “Domain deleted”, “Default domain, alias deleted”, “Domain alias deleted”, “Subdomain deleted”, and “Subdomain of a default domain deleted”. This parameter returns the username of the object owner.

[*]The administrator can now prohibit all customers from changing the name of their system user, even the customers granted the Hosting settings management permission. The following command can be used on Linux systems:
# plesk bin server_pref -forbid-ftp-user-rename <true|false|forced>
The following command can be used on Windows systems:
“%plesk_bin%”server_pref -forbid-ftp-user-rename <true|false|forced>

The following issue was resolved:

[-] File manager could not open files for viewing if these files contained umlauts or symbols encoded in CP1251. (PPPM-942)

 Comment 

58 queries. 8.25 mb Memory usage. 1.235 seconds.